diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
new file mode 100644
index 0000000000..e83f42b08c
--- /dev/null
+++ b/keystone/Chart.yaml
@@ -0,0 +1,3 @@
+description: A Helm chart for keystone
+name: keystone
+version: 0.1.0
diff --git a/keystone/templates/db-sync.sh.yaml b/keystone/templates/db-sync.sh.yaml
new file mode 100644
index 0000000000..de1ddaff46
--- /dev/null
+++ b/keystone/templates/db-sync.sh.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-dbsyncsh
+data:
+ db-sync.sh: |+
+ #!/bin/bash
+ set -ex
+
+ keystone-manage db_sync
+ kolla_keystone_bootstrap {{ .Values.global.keystone.admin_user }} {{ .Values.global.keystone.admin_password }} {{ .Values.global.keystone.admin_project_name }} admin http://keystone-api:{{ .Values.global.network.port.admin }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 {{ .Values.global.keystone.admin_region_name }}
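Review bot: The admin password is rendered into a ConfigMap and then passed as a plain argument to `kolla_keystone_bootstrap` under `set -ex`, so it is readable by anyone allowed to read ConfigMaps in the namespace and is echoed into the Job log by xtrace. Keeping it in a Secret, exposing it to the container as an environment variable (for example `"$KEYSTONE_ADMIN_PASSWORD"`, a constructed name) and using `set -e` instead of `set -ex` would keep it out of both places. The template expansions are also unquoted, so a value containing whitespace or shell metacharacters changes the command that runs; quoting each one, as in `"{{ .Values.global.keystone.admin_user }}"`, reduces that risk. The same pattern of credentials rendered into ConfigMaps appears in init.sh.yaml and keystone.conf.yaml.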
diff --git a/keystone/templates/db-sync.yaml b/keystone/templates/db-sync.yaml
new file mode 100644
index 0000000000..f7ea254127
--- /dev/null
+++ b/keystone/templates/db-sync.yaml
@@ -0,0 +1,43 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: keystone-db-sync
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: keystone-init
+ image: {{ .Values.global.deployment.image.db_sync }}
+ imagePullPolicy: Always
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/db-sync.sh"
+ - name: DEPENDENCY_JOBS
+ value: "keystone-init,mariadb-seed"
+ - name: DEPENDENCY_SERVICE
+ value: "mariadb"
+ volumeMounts:
+ - name: keystoneconf
+ mountPath: /etc/keystone/keystone.conf
+ subPath: keystone.conf
+ - name: dbsyncsh
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ volumes:
+ - name: keystoneconf
+ configMap:
+ name: keystone-keystoneconf
+ - name: dbsyncsh
+ configMap:
+ name: keystone-dbsyncsh
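Review bot: `imagePullPolicy: Always` together with the mutable `:newton` tag from values.yaml means every run of this Job executes whatever the registry currently serves under that tag, with keystone.conf and its database credentials mounted. Referencing the image by digest (`<repo>@sha256:<digest>`, placeholder) in `global.deployment.image.db_sync` makes the run reproducible and auditable; init.yaml has the same combination. Separately, the container is named `keystone-init` although the Job is `keystone-db-sync`, which looks like a copy-paste leftover; `- name: keystone-db-sync` would keep log and status output unambiguous.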
diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml
new file mode 100644
index 0000000000..7e52451b2c
--- /dev/null
+++ b/keystone/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: keystone-api
+spec:
+ replicas: {{ .Values.global.deployment.replicas }}
+ template:
+ metadata:
+ labels:
+ app: keystone-api
+ spec:
+ nodeSelector:
+ {{ .Values.global.deployment.control_node_label }}: enabled
+ containers:
+ - name: keystone-api
+ image: {{ .Values.global.deployment.image.api }}
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/start.sh"
+ - name: DEPENDENCY_JOBS
+ value: "keystone-init,keystone-db-sync,mariadb-seed"
+ - name: DEPENDENCY_SERVICE
+ value: "mariadb,rabbitmq"
+ - name: DEPENDENCY_CONFIG
+ value: "/etc/apache2/conf-enabled/wsgi-keystone.conf"
+ ports:
+ - containerPort: {{ .Values.global.network.port.public }}
+ - containerPort: {{ .Values.global.network.port.admin }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.global.network.port.public }}
+ volumeMounts:
+ - name: keystoneconf
+ mountPath: /etc/keystone/keystone.conf
+ subPath: keystone.conf
+ - name: wsgikeystone
+ mountPath: /configmaps/wsgi-keystone.conf
+ - name: mpmeventconf
+ mountPath: /etc/apache2/mods-available/mpm_event.conf
+ subPath: mpm_event.conf
+ - name: startsh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ volumes:
+ - name: keystoneconf
+ configMap:
+ name: keystone-keystoneconf
+ - name: wsgikeystone
+ configMap:
+ name: keystone-wsgikeystone
+ - name: mpmeventconf
+ configMap:
+ name: keystone-mpmeventconf
+ # https://github.com/kubernetes/kubernetes/issues/23722
+ items:
+ - key: mpm-event.conf
+ path: mpm_event.conf
+ - name: startsh
+ configMap:
+ name: keystone-startsh
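Review bot: The keystone-api container declares neither a `securityContext` nor `resources`, so it runs with the image's default user and full default capability set and without CPU or memory bounds. The WSGI config uses `user=keystone group=keystone`, which suggests Apache starts privileged and drops to that account, so `runAsNonRoot` may not be usable as-is. `allowPrivilegeEscalation: false` and a capability list reduced to what that user switch needs are still worth adding once checked against the image. Requests and limits should be sized for the 16 daemon processes per listener configured in wsgi-keystone.conf.yaml. The Jobs in db-sync.yaml and init.yaml have the same gap.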
diff --git a/keystone/templates/init.sh.yaml b/keystone/templates/init.sh.yaml
new file mode 100644
index 0000000000..872b259623
--- /dev/null
+++ b/keystone/templates/init.sh.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-initsh
+data:
+ init.sh: |+
+ #!/bin/bash
+ set -ex
+ export HOME=/tmp
+
+ ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_database_name }}'"
+ ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_user }}' password='{{ .Values.global.database.keystone_password }}' host='%' priv='{{ .Values.global.database.keystone_database_name }}.*:ALL' append_privs='yes'"
+
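Review bot: Every value is spliced into a single-quoted `key='…'` module argument that itself sits inside a double-quoted shell string, so a password or name containing `'`, `"`, `$` or a backtick breaks the call or changes what is executed. Passing the credentials through Secret-backed environment variables and restricting the allowed characters for the remaining values would remove that dependency on the content of values.yaml. Because the script runs with `set -ex` and `-vvv`, the full command line, including `login_password` for the MariaDB root account, ends up in the Job log; dropping `-x` and `-vvv` is a one-line change each. `host='%'` also allows the keystone account to connect from any address, so a narrower host pattern is worth considering if the cluster network allows one.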
diff --git a/keystone/templates/init.yaml b/keystone/templates/init.yaml
new file mode 100644
index 0000000000..dc559c8822
--- /dev/null
+++ b/keystone/templates/init.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: keystone-init
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: keystone-init
+ image: {{ .Values.global.deployment.image.init }}
+ imagePullPolicy: Always
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/init.sh"
+ - name: DEPENDENCY_JOBS
+ value: "mariadb-seed"
+ - name: DEPENDENCY_SERVICE
+ value: "mariadb"
+ volumeMounts:
+ - name: initsh
+ mountPath: /tmp/init.sh
+ subPath: init.sh
+ volumes:
+ - name: initsh
+ configMap:
+ name: keystone-initsh
diff --git a/keystone/templates/keystone.conf.yaml b/keystone/templates/keystone.conf.yaml
new file mode 100644
index 0000000000..b4d482596f
--- /dev/null
+++ b/keystone/templates/keystone.conf.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-keystoneconf
+data:
+ keystone.conf: |+
+ [DEFAULT]
+ debug = {{ .Values.global.misc.debug }}
+ use_syslog = False
+ use_stderr = True
+ workers = {{ .Values.global.misc.workers }}
+
+ [database]
+ connection = mysql+pymysql://{{ .Values.global.database.keystone_user }}:{{ .Values.global.database.keystone_password }}@{{ .Values.global.database.address }}/{{ .Values.global.database.keystone_database_name }}
+ max_retries = -1
+
+ [memcache]
+ servers = {{ .Values.global.memcached.address }}
+
+ [cache]
+ backend = dogpile.cache.memcached
+ memcache_servers = {{.Values.global.memcached.address}}
+ config_prefix = cache.keystone
+ distributed_lock = True
+ enabled = True
+
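Review bot: The `connection` URL leaves out `global.database.port`, while init.sh.yaml passes that port to the mysql modules, so overriding the port would create the database on one port and leave keystone connecting to the driver default. Writing the host part as `@{{ .Values.global.database.address }}:{{ .Values.global.database.port }}/` keeps the two templates consistent. The user and password are inserted without percent-encoding, so a password containing `@`, `:` or `/` yields a malformed URL. A comment on `max_retries = -1`, such as `# retry the DB connection forever; relies on the entrypoint dependency checks to surface a bad address`, would help, since that setting can hide a misconfigured database address (intent presumed, confirm).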
diff --git a/keystone/templates/mpm_event.conf.yaml b/keystone/templates/mpm_event.conf.yaml
new file mode 100644
index 0000000000..8e5555c949
--- /dev/null
+++ b/keystone/templates/mpm_event.conf.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-mpmeventconf
+data:
+ mpm-event.conf: |+
+
+ ServerLimit 1024
+ StartServers 32
+ MinSpareThreads 32
+ MaxSpareThreads 256
+ ThreadsPerChild 25
+ MaxRequestsPerChild 128
+ ThreadLimit 720
+
diff --git a/keystone/templates/service.yaml b/keystone/templates/service.yaml
new file mode 100644
index 0000000000..e6f3ac85e4
--- /dev/null
+++ b/keystone/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keystone-api
+spec:
+ ports:
+ - name: keystone-api-public
+ port: {{ .Values.global.network.port.public }}
+ - name: keystone-api-admin
+ port: {{ .Values.global.network.port.admin }}
+ selector:
+ app: keystone-api
diff --git a/keystone/templates/start.sh.yaml b/keystone/templates/start.sh.yaml
new file mode 100644
index 0000000000..f42d9deb45
--- /dev/null
+++ b/keystone/templates/start.sh.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-startsh
+data:
+ start.sh: |+
+ #!/bin/bash
+ set -ex
+
+ # Loading Apache2 ENV variables
+ source /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ APACHE_DIR="apache2"
+
+ apache2 -DFOREGROUND
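Review bot: `apache2 -DFOREGROUND` runs as a child of the bash script, so the SIGTERM sent at pod shutdown likely reaches bash rather than Apache and the server is only stopped when the grace period expires; `exec apache2 -DFOREGROUND` hands the process over so Apache receives the signal itself. `APACHE_DIR="apache2"` is assigned but not read anywhere in the visible script and can be removed or explained. A comment above `rm -rf /var/run/apache2/*`, for example `# clear stale pid/lock files from a previous container start`, would record why the cleanup is there (presumed intent, confirm).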
diff --git a/keystone/templates/wsgi-keystone.conf.yaml b/keystone/templates/wsgi-keystone.conf.yaml
new file mode 100644
index 0000000000..b39af2a4f7
--- /dev/null
+++ b/keystone/templates/wsgi-keystone.conf.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keystone-wsgikeystone
+data:
+ wsgi-keystone.conf: |+
+ Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.public }}
+ Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.admin }}
+
+
+ WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /var/www/cgi-bin/keystone/main
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog "|$/bin/cat 1>&2"
+ CustomLog "|/bin/cat" combined
+
+
+
+ WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog "|$/bin/cat 1>&2"
+ CustomLog "|/bin/cat" combined
+
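Review bot: Both `WSGIDaemonProcess` lines hard-code `processes=16`, while keystone.conf.yaml takes `workers` from `global.misc.workers`, so the value an operator tunes in values.yaml does not change the number of processes Apache actually starts. Using `processes={{ .Values.global.misc.workers }}` here, or adding a dedicated value, would give one knob for both. The public and admin daemons also differ only in `threads=6` versus `threads=5`; a short comment saying whether that difference is intentional would help the next reader.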
diff --git a/keystone/values.yaml b/keystone/values.yaml
new file mode 100644
index 0000000000..ce40550a23
--- /dev/null
+++ b/keystone/values.yaml
@@ -0,0 +1,31 @@
+global:
+ deployment:
+ replicas: 1
+ control_node_label: openstack-control-plane
+ image:
+ db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
+ api: quay.io/stackanetes/stackanetes-keystone-api:newton
+ init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+ network:
+ port:
+ admin: 35357
+ public: 5000
+ ip_address: "{{ .IP }}"
+ database:
+ address: mariadb
+ port: 3306
+ root_user: root
+ root_password: password
+ keystone_database_name: keystone
+ keystone_password: password
+ keystone_user: keystone
+ keystone:
+ admin_region_name: RegionOne
+ admin_user: admin
+ admin_password: password
+ admin_project_name: admin
+ memcached:
+ address: memcached
+ misc:
+ workers: 8
+ debug: false
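Review bot: `root_password`, `keystone_password` and `admin_password` all default to `password`, so an install without overrides ends up with a known MariaDB root credential and a known Keystone admin credential. Shipping no default and failing the render when a value is unset would force the operator to choose real ones. One way is `{{ required "global.keystone.admin_password must be set" .Values.global.keystone.admin_password }}` at the point of use, if the targeted Helm version provides `required`. At minimum, a comment such as `# placeholder only, override before deploying` above each of the three keys makes the intent explicit. `ip_address: "{{ .IP }}"` deserves a comment as well, since Helm does not template values.yaml and the literal string is presumably expanded later inside the container.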